The cost of computing and networking technologies has fallen to the point where computing and networking capabilities can be built into the design of many electronic devices in the home, the office and public places. The combination of inexpensive and reliable shared networking media with a new class of small computing devices has created an opportunity for new functionality based mainly on the connectivity among these devices. This connectivity can be used to remotely control devices, to move digital data in the form of audio, video and still images between devices, to share information among devices and with the unconstrained World Wide Web of the Internet and to exchange structured and secure digital data to support things like electronic commerce. A prevalent feature of these connectivity scenarios is to provide remote access and control of connected devices and services from another device with user interface capabilities (e.g., a universal remote controller, handheld computer or digital assistant, cell phones, and the like). The connectivity also enables many new applications for computing devices, such as proximity-based usage scenarios where devices interact based at least in part on geographical or other notions of proximity. This trend of ubiquitous and pervasive networked computing leads toward a world in which all types of devices are able to effortlessly and seamlessly interconnect and interact.
Common networking media (e.g., the Internet, Ethernet Local Area Network (LAN), wireless network, and the like) have a drawback in that they provide open, multiple user access to any device with an appropriate network adapter, or other physical connection to the networking medium. However, in many common situations, it is desirable to control which other devices and/or users can interact with a networked device. On a wireless network in a home environment, for example, the home owner may want to establish that various of the home owner's networked devices can interact (e.g., a networked telephone terminal with email display can interact with a home email server, or a music compact disk player can interact with a set of audio system amplifiers and speakers on the wireless home network), while at the same time preventing interaction with other devices that may access the network (e.g., a neighbor's devices within range of the wireless network). On an office LAN network, interaction with networked conference room devices (e.g., monitors, audio system, electronic white board, etc.) may be desirably limited to other devices owned by the business, and exclude outsiders' devices that may gain access to the network (e.g., by being within wireless networking range, plugged into an Ethernet wall plate connector, or via an Internet connection to the office LAN network).
Cryptographic techniques can be used to protect confidentiality of communications between devices (e.g., via cryptographic encryption of data), protect message integrity (e.g., via a cryptographic checksum), authenticate sender identity (e.g., via a digital signature), and verify that information presented by the sender is certified by a trusted authority (e.g., via digital certificates). Cryptographic encryption techniques can be based on well known symmetric key and public key encryption algorithms, such as the National Bureau of Standards' Data Encryption Standard (DES), Triple DES, the National Institute of Standards and Technology's (NIST) Advanced Encryption Algorithm (AES), the Diffie-Hellman-Merkle Algorithm, the RSA Algorithm, and the ElGamal Algorithm. Cryptographic checksum techniques can use well known message-digest algorithms, such as MD2, MD4, MD5, SHA and SHA-5. Digital signatures can use the well known NIST Digital Signature Standard (DSS), and the Digital Signature Algorithm (DSA). A well known digital certificate technique includes the X.509 digital certificate standard of the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T) and ISO/International Electrotechnical Commission (IEC).
An obstacle to the use of these cryptographic techniques to provide secure interaction within trust groups of devices on an open network is the difficulty in set-up or configuration of the devices with the necessary authentication and identification information (e.g., cryptographic keys, identification certificates, user and/or group identity, password, etc.). This obstacle is a particularly significant impediment to establishing trust groups of devices on unmanaged networks, such as in the home or small business environments, where professional network administration is not available. With a trend towards pervasive networked computing, such unmanaged networks may predominate. For example, device manufacturers cannot expect average, non-technically savvy consumers to be willing or able to set up their now-pervasively-networked home appliances to establish trust group interaction among such devices.
The present invention is directed towards providing a way to easily set up devices on openly accessible network media to establish “trust webs” or sub-groups of devices on the network media authorized to interact with each other. Using cryptographic techniques, the devices in a trust web distinguish which other devices on the openly accessible network media are authorized to access them, and communicate with such other devices. In an embodiment illustrated herein, a process (herein referred to as “branding”) electronically imprints a device with its initial trust group set-up information to properly interact in a trust web with other members of the network. In one illustrated implementation, this information includes a name, a public key, a private key and a set of certificates the device will need to inter-operate with other trust group devices that form the trust web.
According to one aspect of the invention, the initial branding of an uninitialized device is performed using a branding device. Using digital certificates or other cryptographic techniques, the branding device electronically imprints the device with its identity and membership in the trust group. In one exemplary implementation, the device is imprinted with a name for the device, the branding device's public key, and digital certificates to specify that the device trusts the branding device, and is a member of a trust group. The device can then use the branding device's public key to verify, from their certificates, that other devices on the network that seek to interact with the device are also members of the trust group. The now branded device then willingly interacts with such other devices in the trust group.
According to another aspect of the invention, the uninitialized device accepts its initial branding by the branding device only via a limited access network interface, such as a universal serial bus (USB), infrared or other like network media interface that provides non-broadcast or limited broadcast, one-to-one communication. Further, the uninitialized device preferably refuses interaction over the open access network until branded by a branding device via its limited access network interface. These measures are intended to prevent unknown others from branding the uninitialized device on an unsecured network before the owner has the opportunity to perform its initial branding, or other like unauthorized access.
Alternatively, the branding also can be performed in a secure manner via a wireless or other multi-access broadcast network medium interface of the uninitialized device by placing the branding and/or uninitialized devices in a wave-guide and/or Faraday cage that physically limits the transmission to the branding and uninitialized devices.
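The branding and admission rules described above, sketched as an added Go example (not code from the patent): the `Cert`, `Device`, `Issue`, `Brand` and `Admit` names are hypothetical, Ed25519 signatures stand in for the digital certificates, the device's own key pair is omitted, and refusing a second branding is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a constructed stand-in for a certificate: a signature over name and group.
type Cert struct {
	Name, Group string
	Sig         []byte
}

type Device struct { // hypothetical model of a brandable device
	Own        Cert              // imprinted name and group membership
	BranderKey ed25519.PublicKey // nil while uninitialized
}

func payload(name, group string) []byte { return []byte(name + "\x00" + group) }

// Issue is run by the branding device to certify a member of a group.
func Issue(priv ed25519.PrivateKey, name, group string) Cert {
	return Cert{name, group, ed25519.Sign(priv, payload(name, group))}
}

// Brand imprints an uninitialized device, only via the limited access interface.
func (d *Device) Brand(viaLimited bool, pub ed25519.PublicKey, c Cert) error {
	switch {
	case !viaLimited:
		return fmt.Errorf("refused: branding arrived over the open network")
	case d.BranderKey != nil: // assumption: no re-branding once imprinted
		return fmt.Errorf("refused: device is already branded")
	case len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, payload(c.Name, c.Group), c.Sig):
		return fmt.Errorf("refused: certificate not signed by the branding key")
	}
	d.Own, d.BranderKey = c, pub
	return nil
}

// Admit decides whether a peer on the open network may interact.
func (d *Device) Admit(peer Cert) bool {
	return d.BranderKey != nil && peer.Group == d.Own.Group &&
		ed25519.Verify(d.BranderKey, payload(peer.Name, peer.Group), peer.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	d := &Device{}
	fmt.Println(d.Brand(true, pub, Issue(priv, "cd-player", "home")), d.Admit(Issue(priv, "amplifier", "home")))
}
```

A peer certified by a different branding key, or by the same key for a different group, is rejected by `Admit`, which is the neighbor's-device case from the background section.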
Additional features and advantages will be made apparent from the following detailed description of the illustrated embodiment which proceeds with reference to the accompanying drawings.